Extended HTTP Digest Access Authentication

Abstract: User authentication to a server is typically done by presenting a username and a password in some protected form to the server, and having the server verify that those credentials correspond to an identity previously registered and authorized for access. It is crucial that attackers never get access to operational passwords, which is typically achieved by encryption in transit, or through a challenge-response protocol between the client and server computer platforms. However, these mechanisms do not protect passwords at the moment when they are entered into the client computer, which leaves the password exposed to attacks by malware on the client. We present a method for protecting passwords from being exposed on client platforms. The method is an extension of the well-known HTTP Digest Access Authentication, a challenge-response protocol specified as part of HTTP. The method relies on an external, mostly offline personal authentication device called OffPAD, which communicates with the client platform. We show how the presented authentication scheme increases security as well as enhancing usability with regard to identity management. In addition to describing the OffPAD device, we argue that the HTTP Digest Access Authentication standard does not conform to today's best practices, and suggest improvements.
Document type:
Conference paper
Simone Fischer-Hübner; Elisabeth Leeuw; Chris Mitchell. 3rd Policies and Research in Identity Management (IDMAN), Apr 2013, London, United Kingdom. Springer, IFIP Advances in Information and Communication Technology, AICT-396, pp.83-96, 2013, Policies and Research in Identity Management. 〈10.1007/978-3-642-37282-7_7〉

https://hal.inria.fr/hal-01470505
Contributor: Hal Ifip
Submitted on: Friday 17 February 2017 - 14:48:57
Last modified on: Friday 17 February 2017 - 15:16:30
Document(s) archived on: Thursday 18 May 2017 - 14:27:03

File

978-3-642-37282-7_7_Chapter.pd...
Files produced by the author(s)

License


Distributed under a Creative Commons Attribution 4.0 International License

Citation

Henning Klevjer, Kent Varmedal, Audun Jøsang. Extended HTTP Digest Access Authentication. Simone Fischer-Hübner; Elisabeth Leeuw; Chris Mitchell. 3rd Policies and Research in Identity Management (IDMAN), Apr 2013, London, United Kingdom. Springer, IFIP Advances in Information and Communication Technology, AICT-396, pp.83-96, 2013, Policies and Research in Identity Management. 〈10.1007/978-3-642-37282-7_7〉. 〈hal-01470505〉
